back to article Microsoft EU warns: If you have ties to the US, Feds can get your data

Apple, Cisco, Verizon and AT&T are considering joining Microsoft’s battle against the US government to safeguard customers' privacy – but European corps should also take note. Microsoft is embroiled in a legal case to resist US authorities’ efforts to seize emails stored on servers in Ireland. The warrant was issued in …

  1. Anonymous Coward
    Anonymous Coward

    I so want to believe

    That the outcome to this spat will have some material affect on what the US governement considers it should have open access to.

    1. Anonymous Coward
      Anonymous Coward

      Re: I so want to believe

      I so want to believe that the outcome to this spat will have some material affect on what the US governement considers it should have open access to.

      I think it is - I have had chats with EU officials on the topic, and there is hard evidence on the table that US law is aggressively starting to affect the ability of large US companies to sell into the EU. There are all sorts of shenanigans taking place to try and force some kind of fudge that would still allow US companies to sell despite the privacy risks.

      Big companies equates to big campaign contributions, so I suspect this is starting to lead to a showdown between those who need weak privacy laws to generate revenue (I'd think the likes of Facebook and Google are in that category, despite their protestations to the contrary), and those who need a return to a previous position to protect their income.

      One thing is sure - this fight is *long* from over, and it has yet to become dirty. I suspect that will happen soon, though.

  2. This post has been deleted by its author

  3. Gray
    Boffin

    Europe: firewall your data

    "We want to be able to tell our customers with certainty that proper legal procedures will be followed in the event of any authority wanting access to their data."

    Not likely to happen. The War on Terror US national security paranoia is exponentially inflamed by ISIS global recruiting and their recent call for random attacks everywhere. The Canadian Parliament attack will further justify ramped-up US covert digital surveillance actions, with new support from the Republican right-wing wingnuts when they gain total control of Congress in this November's elections.

    1. Anonymous Coward
      Anonymous Coward

      Re: Europe: firewall your data

      It may well have been a good idea for the US not to play 'Gosh I am an idiot, I'll do it the idiot's way' and simply followed the laid down protocol and ask the right Irish authorities the right way. They would almost certainly have had the data by now...

      I can see the case for better targeting of data sweeps in the light of the increase in attacks by those who wish to show their cause has no value. However, by putting the US Government in the same scoflaw camp they are hardly doing themselves any favours.

      The clear need for everyone outside of the US is to avoid any and all data storage involving any US related business. Sorry to rain on cloud ideas, (which I always though were crap anyway) but I have yet to see any even poor reason for handing over my data to anyone for storage. Good reasons are already like four legged gooseberries.

      I can see the case for US citizens with plenty to hide wanting to store their data out of reach, but I am working hard and failing to decide why an on-line method was a good idea even for them. Can someone help me out?

    2. Mike VandeVelde
      Alert

      Re: Europe: firewall your data

      Mexican drug cartels are worse than ISIL

      Western obsession with the Islamic State is fueled more by bigotry than any genuine assessment of risk or atrocities

      http://america.aljazeera.com/opinions/2014/10/isil-vs-mexican-drugcartelsunitedstatesislamophobia.html

      1. dan1980

        Re: Europe: firewall your data

        @Mike VandeVelde

        I am no expert (on any topic) but the real danger is not ISIS/ISIL, but IS. Yes, this is the same group but the difference is in how they think about themselves. We use the Islamic State of Iraq and Syria/the Levant but they refer to themselves simply as 'IS' - the Islamic State.

        By that I mean that the goal is not to retain/strengthen/unify Islam in two areas of the Middle East but to form a new Islamic Caliphate - an empire encompassing all muslims and one that is very much an imperialist one.

        While Mexican drug cartels are a massive problem, they are not the same type of problem. Loss of innocent life is always lamentable and to be abhorred but IS/ISIS/ISIL threaten the stability of an entire region and are drawing ever more to their cause. They do not simply want to reap unrestrained ill-gotten profits but to lead a conquering force in the establishment of a new Islamic Empire.

        In some ways, they resemble the Ottoman Empire in that those areas the conquer are stable but it is utter subjugation and there is no democracy and so the conquered towns remain stable and their people safe only so long as they are completely obedient to the rule of IS.

        The 'whataboutery' of that Al Jazeera piece is par for the course.

        Is IS any less of a threat or less of a problem because there are other - perhaps worse - problems? Let us say that as of right now Mexican drug cartels are a larger danger to innocent lives than IS. If left unchecked, however, how long before IS catches up and overtakes them?

        I am not one for war or for interfering in other peoples' affairs but there is a chance here to take action and prevent a greater problem while it is still in it's (relative) infancy.

        But all of this is off topic.

        1. MacroRodent Silver badge

          IS (Re: Europe: firewall your data)

          Hopefully the spread of IS will be limited by the fact that its ultra-violence will turn everyone except lunatic-fringe islamists against them. Also there is the matter of resources. The narcotics cartels have a money-machine in the inexhaustible demand for illegal drugs in the US. But illegal oil is harder to smuggle and sell profitably (for one thing, oil is bulky), so that source of funds is easier to shut down.

          1. dan1980

            Re: IS (Europe: firewall your data)

            Well, one thing people recognise is that IS is well funded - and well organised, which points to some serious backing.

            The other thing that has struck people is the way they set up 'governments' after a fashion and those areas they have subdued do actually achieve stability - certainly more stability than some of these regions and towns have had in recent times.

            While this sounds like a good thing, it's one of the most worrying signs because it shows them as clear imperialists, looking to establish their caliphate.

            Unchecked it will very likely spread quite alarmingly.

            1. Mike VandeVelde
              Unhappy

              Re: IS (Europe: firewall your data)

              > But all of this is off topic.

              This is a story about a drug dealer, and OP mentioned the Islamic State, it seemed to me like the right place to post the link.

              > I am not one for war or for interfering in other peoples' affairs but there is a chance here to take action and prevent a greater problem while it is still in it's (relative) infancy.

              That's exactly the attitude that got us to this point. What kind of Islamic State do you think there would be today if bunker buster bombs and drone launched hellfire missiles hadn't rained down on Iraq, Afghanistan, Pakistan, Libya, Palestine, Yemen, Somalia, etc over the last few decades? Now more of the same will somehow solve the "problem", this time for suresies? I'm sorry but that's fucking madness.

              > Unchecked it will very likely spread quite alarmingly.

              Is it too late already? That's what has worried me the most, especially since the massive <AppropriateWordDoesNotExist> that was the invasion and occupation of Iraq, that our chickens would finally come home to roost and it would no longer be an issue of guys like us typing our #FirstWorldProblems scholarly internet discussions on the pros and cons of the deaths of hundreds of thousands of other people over there, but being able to look out our windows and see it in our streets like we've made happen for so many people around the world for so long. I'm scared we will keep this shit up until we actually are facing an existential threat and have no choice but to actually defend ourselves, as opposed to these idiotic adventures over there we keep on somehow convincing ourselves are reasonable ideas. Why wouldn't these people band together and exact vengeance? What would you do? What will we do? Fuck.

              1. Trevor_Pott Gold badge

                Re: IS (Europe: firewall your data)

                "Why wouldn't these people band together and exact vengeance?"

                There is no reason to expect them to do anything other than what they are doing. They are leading a crusade. Once upon a time, we did this too. But the reasons for this are not rooted in the past 20 years, but the past 100. This is Britain's mess. The rest of the world is still cleaning it up. Britain must never again be allowed to draw national borders. Ever.

                "What would you do?"

                Well, me, personally, I'd not be worshiping a god that doesn't exist and killing in it's name. But that's me. If there were a bunch of foreigners bombing my home every bloody day, I'd probably pick up a stick, sharpen it, and go put the pointy end into one of the people making my home go boom.

                "What will we do? Fuck."

                Wipe them out. All of them. There is only one way this ends. History has taught us this, and we've been dancing around it for the past 40 years.

                This is a religious holy war. There is no reasoning with these people. The only answer it complete and utter subjugation. Wipe out their ability to make war. Destroy their ability to organize the radical aspects of their religion. Begin a massive, centuries long campaign to assimilate their culture.

                It's horrible. It's awful. It's brutal and it's obscene. It is also the only possible solution that is rational, because every other alternative has them leading an ever-increasingly-well-financed and organized holy war of vengeance against a massively dehumanized enemy (everyone who is not them). It will be the sort of war where outrageous violence and war crimes are considered points of honour and pride, not something you get brought up on charges for.

                History has taught us all about this stuff. This is where you control the populace by burning people alive. This is where you ban education except for the select few. This is where you keep those with morals working for you by bringing in a 14 year old girl and slowly murdering her over days in front of the "moral" person and then informing them that for each day of non-compliance another will be killed just like that right there.

                This sort of war is where things happen that would blacken your soul to even think about. It is the sort of war where people volunteer to be suicide bombers by the tens of thousands. It is the sort of war that is remembered for thousands of fucking years.

                If we do not prevent the formation of an ultra-religious extremist state bent of wiping out the entire population of the earth that disagrees with them then we are looking at the motherfucking sack of Troy, but with SCUDs, Tanks and - eventually - ICBMs.

                So what do we do? We end these people. As quickly and as efficiently as is possible, and we pray to our descendants for forgiveness for the sins we are about to commit.

              2. dan1980

                Re: IS (Europe: firewall your data)

                @Mike VandeVelde

                Again, I am anti-war, as a general rule and do agree that the manner in which the Iraq war was carried out could be deemed farcical but for the fact that it cost so many lives.

                However, one defence of this war - at least the reasons for it - at least some way to helping me understand some of the more just reasons that it may have been necessary.

                For anyone interested, it was the late Christopher Hitchens debating his brother, Peter. Find it online but I recommend the bit about religion.

                One thing that I got from Christopher's arguments was that to discuss the war in Iraq in any sensible manner, you have to separate out the reasons from the events.

                1. dan1980

                  Re: IS (Europe: firewall your data)

                  Sorry, I recommend skipping the bit about religion.

                2. Mike VandeVelde

                  Re: IS (Europe: firewall your data)

                  So, reasons for the occupation of Iraq:

                  1. To eliminate the imminent threat of the use of weapons of mass destruction. Nope, there actually weren't any, so let's not talk about that.

                  2. For oil. The fact that Iraq was abandoning the use of the USA dollar for trading oil is just conspiracy theory, so let's not talk about that or pipelines and whatnot.

                  3. Because Iraq was ruled with an iron fist by a dictator who brutally crushed all opposition to him. Let's talk about this, but only if we separate out the reasons from the events???

                  The events were that we crushed all opposition to our rule 10 times more brutally than Saddam ever dreamed of doing. So yes, if we leave out what actually happened, with a huge dose of selective amnesia you could maybe feel pretty good about ourselves. But not me man, sorry.

  4. Vimes

    Remind me where the house of commons here has located its email systems? Oh, that's right: servers in Ireland.

    Under Microsoft's control too.

    You really couldn't make this stuff up, and what's even worse is that the likes of William Hague still seem to cling to the rather quaint belief that the US will stick to its international obligations, even after the blatant display that shows that the rules only hold up as long as US judges want them to.

    http://www.computerweekly.com/news/2240230372/Hague-reassures-MPs-on-Office-365-data-storage-as-Microsoft-ordered-to-hand-over-email-data

    It's just a pity that somebody in his position can't do better as a response than sticking his fingers in his ears and shouting 'LA-LA-LA!!!-I-can't-hear-you-LA-LA-LA!!!'

    1. This post has been deleted by its author

    2. kmac499

      Chatting with a a friend last night. His employer is working on a major UK Gov project (Civilian not military), and they are not allowed to use offshore data storage or cloudy officey type software..

      1. Vimes

        @kmac499

        Which major project was that?

        According to the government's own G-cloud records there seems to be plenty of SaaS activity that involve US companies. Try looking up all those huddle licence records as one example - a range of different organisations use them, including the likes of the CPS and DWP. The following type of line seems quite common in the CSV based records too:

        Software as a Service (SaaS),01/06/2012,1494.8,Health,Large,SharePoint Online (Plan 2),MICROSOFT IRELAND OPERATIONS LTD,West Midlands Ambulance Service NHS Trust

        So the NHS also seems to be using Irish based services? There's also a number of references to EMERGN LTD elsewhere in the CSV file (filed under 'Specialist Cloud Services'), which seems to have a US presence and therefore would be presumably open to attack from the US legal system too. Such entries exist for Department for Work And Pensions & Ministry of Justice amongst others.

        There's probably others, but personally I don't believe things are as strictly implemented as you have been lead to believe.

        1. Yet Another Anonymous coward Silver badge

          Re: @kmac499

          How does not being offshore help?

          The US govt can demand data held on Microsoft (Or IBM, or Amazon or Oracle or any other US corp) owned servers in Britain just as easily

      2. Trigonoceps occipitalis

        Serious question: Is "offshore" defined as out of the UK or out of the EU?

        1. JustNiz

          I've previously worked for the MOD. I know nothing of this specific case, but would be surpised if its anything other than inside the UK only (and possibly not including Northern Ireland depending on the project's actual security classifcation).

        2. Anonymous Coward
          Anonymous Coward

          It's not "where" it is

          The relevant thing is the company that holds it.

          The company needs to be EU based with absolutely no US involvement. It's been coming for a long time but it seems to be the case now that if you have anything covered by data protection legislation, it must be kept out of the hands of any company with links to the USA.

          We can have things held by other countries if they follow the rules but the USA has indicated that nobody it has any control over will be able to keep things securely.

          I am sure this is bad for trade etc but it may have the positive side effect of annoying the **** out of UKIP and other xenophobes by keeping it in the EU.

          1. Gordon 11

            Re: It's not "where" it is

            The relevant thing is the company that holds it.
            How long will it be before some enterprising seller comes up with the novel idea of selling disk storage that companies can run themselves, on their own premises?

  5. Anonymous Coward
    Anonymous Coward

    PR

    If MS where really that concerned, they'd just "lobby" it as usual.

    1. malle-herbert
      Big Brother

      Re: PR

      Oh... they're concerned allright... about making money...

      But in the long run MS will bow down to their masters just like all the other companies...

  6. Anonymous Coward
    Anonymous Coward

    bypassing the Irish system

    If the feds were concerned with drug traffickers, they would simply apply to the Irish authorities so apparently they seem to be more concerned with extending their reach than catching criminals. Unfortunate they found a weak judge prepared to go along with this charade, blissfully unaware of the significance of the case and presumably ignorant of international law.

  7. Graham Marsden
    Meh

    "to safeguard customers' privacy"

    ... From the US Government. Not from their company...

  8. Arctic fox
    Headmaster

    The US Federal authorities operate by Caeser's dictum.

    His writ runs wherever his legions can march. They have in practice very little more respect for the sovereignty of other nations than such people as Putin have.

  9. Anonymous Coward
    Anonymous Coward

    I can understand why the US tech companies are so concerned. If this stands European companies would have to move to non US companies for cloud services as they'd have no legal protections against arbitrary search and seizure of there private information. Given EU data protection commitments I suspect Eu companies could find themselves in breach of the law if they continue to use US cloud companies. Given that this search and seizure would almost certainly be a contractual breach by the US company I suspect that EU companies could use that as an excuse to break contracts. Yes I can understand why microsoft and other American tech companies are so twitchy!

    1. heyrick Silver badge

      Isn't using a US based cloud provider as your backend already a direct contravention of EU data protection rules because of this and the Patriot Act?

      1. Vimes

        @heyrick

        You'd think so, but then you'd be forgetting the safe harbour (or harbor?) agreements that exist.

        The safe harbour scheme been accepted by the EU commission as something that provides an acceptable level of protection for personal data belonging to EU citizens despite the likes of the PATRIOT act, FISAAA, and the Reagan-era executive order 12333 amongst others.

        In reality though they provide even less protection for our information than the Mutual Legal Assistance Treaties that the US government seems to think it ought to be able to ignore with impunity.

        Oh, and the safe harbour scheme itself is overseen by the very people that want unquestioned access to all data. Everywhere.

        Politicians on our side of the pond still wonder why some of us might have an issue with that.

        There's talk about changing such arrangements of course, but at this point that all it is: talk.

        1. dan1980

          Re: @heyrick

          @Vimes

          "Politicians on our side of the pond still wonder why some of us might have an issue with that."

          But, but, if you've done nothing wrong . . . ?

          1. pdlane
            Big Brother

            Re: But, but, if you've done nothing wrong . . . ?

            In ameeriKAH's 4th Reich you are guilty until proven guilty

  10. VinceH

    'He said the current situation with the US demanding access to data stored in another jurisdiction was "fuzzycked up".'

    Fixed that for him!

  11. Stretch

    They may be totally in the right...

    ...but I want Microsoft to lose. There is a ton of money to be made from the FUD such a ruling would create.

  12. Anonymous Coward
    Anonymous Coward

    In Switzerland, the Confederation says no to USA over reach

    The Swiss government just cancelled all of its contracts with Cablecom (a US and UK owned telco - ISP) on the grounds that it cannot comply with Swiss data privacy legislation.

    Not good, not good at all, but to be expected in the face of US pigheadedness.

    Hopefully, the higher spheres will eventually get the message and decide that the rule of law and international cooperation is still the best answer,

    Article in French

    http://www.romandie.com/news/Apres-laffaire-NSA-la-Confederation-ecarte-Cablecom/528494.rom

    Cablecom will make a legal protest, but is unlikely to win any relief.

    Way to go Team USA !

    1. MacroRodent Silver badge

      Re: In Switzerland, the Confederation says no to USA over reach

      The Romandie seems to get its story from Berner Zeitung, in German. Link for those that read German better (like me, I almost learned German, but French overloaded by brain).

      http://www.bernerzeitung.ch/schweiz/standard/Bund-traut-der-Cablecom-nach-NSAAffaere-nicht-mehr/story/30526870

  13. channel extended
    Unhappy

    First an inch...

    Once the public courts have established that they can get anything they want then the secret courts (FISA, et al) will start seizing things. Face it an American court doesn't care, like, or trust anyone.

  14. JustNiz

    What a joke

    This is all just a giant charade by Microsoft. They are being vocal and visible about privacy only as a marketing strategy, and only because even Microsoft are starting to figure out that people actually care enough about privacy that it really does translate into purchasing decisions.

    They are simply trying to fool people into believing that contrary to the long history of hard evidence, Microsoft really aren't completely supportive and compliant in allowing the US and other government entities full access to any of the personal data that Microsoft OS's, browsers and apps already secretly collect on us. Don't believe me? just google cofee as one example of Microsoft's duplicity.

    It is really no secret that all Microsoft's encryption tech has government-sancitoned backdoors, and that Microsoft have been caught out multiple times at repeatedly doing things like designing IE to secretly store lists of every website you ever visited in files that the OS in turn explicitly hides.

    For most companies, a few low-key statements aboout protecting privacy would be enough, but because Microsoft were pretty much the pioneers of having PCs secretly undermine their owners privacy, they now need to fake an appearance of not only suddenly caring, but also becoming the staunchest advocates of privacy. Nothing less would cut it enough even to fool the most ignorant of masses. For those of us with longer memories than your average goldfish it just looks like what it really is: ridiculous. Anybody with half a clue just doesn't buy it, nor will ever trust Microsoft.

    1. dan1980

      Re: What a joke

      @JustNiz

      Good.

      People always talk about 'voting with their wallets' so it's nice to see it actually have a real effect.

      After all, if someone has signed up for (e.g.) Office 365 but then gets displeased with the privacy situation, what they really want is to stay with their current product (no one likes migrating!) and to have the unwelcome practices cease.

      Sure some want to punish the vendor by permanently moving away but most just want to get on with things so if MS is responding to market pressure and taking actions accordingly then this is a 'win'.

  15. Neoc

    Something hinky...

    "Judge Loretta Preska said that the location of the data was immaterial since Microsoft had "control" over it."

    I think I know the *real* reason MS and others are fighting this. A lot of their profits lie in the legal faction that (say) Microsoft Ireland is a separate company from Microsoft Netherlands and Microsoft USA. This allows them to transfer profit... er, licence products... from one company to another thereby minimising the actual profit in any one country with high tax rates.

    Now, along comes the US Government basically saying "screw this legal fiction: MS Ireland is part of MS USA, so hand over the data". If MS caves, *someone's* taxation department is going to turn around and reply "if you *are* the same company, here's your full-phat tax bill plus fines for screwing us around for the last x years."

    MS et al cannot afford (literally) this loophole to stand.

  16. Henry Wertz 1 Gold badge

    "It may well have been a good idea for the US not to play 'Gosh I am an idiot, I'll do it the idiot's way' and simply followed the laid down protocol and ask the right Irish authorities the right way. They would almost certainly have had the data by now..."

    But, they aren't really interested in the data. They are interested in using their opaque, "Let's not bother with warrants or any legal procedure", regime that they have going in the US, that the EU and Ireland would definitely not go for.

    Hate to say it (I'm all for more jobs here in the US), but -- EU companies, time to pull all your data centers out of the US!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020